version 6.2(8) poweroff module 1 poweroff module 2
power redundancy-mode ps-redundant hostname RAGG-1
no system admin-vdc vdc RAGG-1 id 1
limit-resource module-type f2 f2e cpu-share 5
allocate interface Ethernet4/1-48
limit-resource vlan minimum 16 maximum 4094 limit-resource monitor-session minimum 0 maximum 2
limit-resource monitor-session-erspan-dst minimum 0 maximum 23 limit-resource vrf minimum 2 maximum 4096
limit-resource port-channel minimum 0 maximum 768 limit-resource u4route-mem minimum 96 maximum 96 limit-resource u6route-mem minimum 24 maximum 24 limit-resource m4route-mem minimum 58 maximum 58 limit-resource m6route-mem minimum 8 maximum 8
limit-resource monitor-session-inband-src minimum 0 maximum 1 limit-resource anycast_bundleid minimum 0 maximum 16
limit-resource monitor-session-mx-exception-src minimum 0 maximum 1 limit-resource monitor-session-extended minimum 0 maximum 12
vdc OTV-1 id 2
limit-resource module-type m1 m1xl m2xl f2e cpu-share 5
allocate interface Ethernet3/7-8,Ethernet3/11-12 boot-order 1
limit-resource vlan minimum 16 maximum 4094 limit-resource monitor-session minimum 0 maximum 2
limit-resource monitor-session-erspan-dst minimum 0 maximum 23 limit-resource vrf minimum 2 maximum 4096
limit-resource port-channel minimum 0 maximum 768 limit-resource u4route-mem minimum 8 maximum 8 limit-resource u6route-mem minimum 4 maximum 4 limit-resource m4route-mem minimum 8 maximum 8 limit-resource m6route-mem minimum 5 maximum 5
limit-resource monitor-session-inband-src minimum 0 maximum 1 limit-resource anycast_bundleid minimum 0 maximum 16
limit-resource monitor-session-mx-exception-src minimum 0 maximum 1 limit-resource monitor-session-extended minimum 0 maximum 12
vdc OTV-2 id 3
limit-resource module-type m1 m1xl m2xl f2e cpu-share 5
allocate interface Ethernet3/9-10,Ethernet3/13-14 boot-order 1
limit-resource vlan minimum 16 maximum 4094 limit-resource monitor-session minimum 0 maximum 2
limit-resource monitor-session-erspan-dst minimum 0 maximum 23 limit-resource vrf minimum 2 maximum 4096
limit-resource port-channel minimum 0 maximum 768 limit-resource u4route-mem minimum 8 maximum 8 limit-resource u6route-mem minimum 4 maximum 4 limit-resource m4route-mem minimum 8 maximum 8 limit-resource m6route-mem minimum 5 maximum 5
limit-resource monitor-session-inband-src minimum 0 maximum 1 limit-resource anycast_bundleid minimum 0 maximum 16
limit-resource monitor-session-mx-exception-src minimum 0 maximum 1 limit-resource monitor-session-extended minimum 0 maximum 12
cfs eth distribute
cts device-id RAGG-1 password 7 1Oihmrdyq!
cts sxp default password 7 1Oihmrdyq!
cts sxp connection peer 10.11.101.50 source 10.11.255.11 password default mode l istener vrf default
cts sxp connection peer 10.11.101.100 source 10.11.255.11 password default mode listener vrf default
cts sxp connection peer 10.11.102.50 source 10.11.255.11 password default mode l istener vrf default
cts sxp connection peer 10.11.102.100 source 10.11.255.11 password default mode listener vrf default
cts sxp connection peer 10.11.103.50 source 10.11.255.11 password default mode l istener vrf default
cts sxp connection peer 10.11.103.100 source 10.11.255.11 password default mode listener vrf default
cts sxp connection peer 10.11.230.241 source 10.11.255.11 password default mode
speaker vrf default
cts sxp connection peer 10.11.236.33 source 10.11.255.11 password default mode l istener vrf default
cts sxp connection peer 10.11.236.34 source 10.11.255.11 password default mode l istener vrf default
cts sxp connection peer 10.11.255.1 source 10.11.255.11 password default mode li stener vrf default
cts sxp connection peer 10.11.255.2 source 10.11.255.11 password default mode li stener vrf default
feature vpc
logging level private-vlan 3
username admin password 5 $1$Oi.sBfur$yc1wX3aTeA3UzZdf3GsVu1 role network-admin username mkaneko password 5 $1$ktErVJU/$s2/FWJX1hL6OjgReHnoK10 role network-ope rator
username mkaneko role network-admin
username chambers password 5 $1$ZrHC9lwM$g3xggPHRYGndylVfYWNQ3/ role network-ad min
username bmcgloth password 5 $1$gXbx3OcJ$MdgsXlVniRpl.uY3Rp/w90 role network-ad min
username ISEServer password 5 $1$rFesQx9j$8aARna9IDBjddo83FPAc61 role network-a dmin
no password strength-check ip domain-lookup
radius-server host 10.11.230.111 key 7 "1Oihmrdyq!" pac authentication accountin g
aaa group server radius aaa-private-sg aaa group server radius CTS-RADIUS server 10.11.230.111
copp profile strict
snmp-server user admin network-admin auth md5 0xaa4c9c11831d1baa960fbb1b013158b9 priv 0xaa4c9c11831d1baa960fbb1b013158b9 localizedkey
snmp-server user mkaneko network-operator auth md5 0x48963d2d44706040ee514dbdcc0 f5e83 priv 0x48963d2d44706040ee514dbdcc0f5e83 localizedkey
snmp-server user bmcgloth network-admin auth md5 0x88ab82d413b64a8dd22659b60843a 8e9 priv 0x88ab82d413b64a8dd22659b60843a8e9 localizedkey
snmp-server user chambers network-admin auth md5 0xaa4c9c11831d1baa960fbb1b01315 8b9 priv 0xaa4c9c11831d1baa960fbb1b013158b9 localizedkey
snmp-server user ISEServer network-admin auth md5 0xaa4c9c11831d1baa960fbb1b0131 58b9 priv 0xaa4c9c11831d1baa960fbb1b013158b9 localizedkey
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL rmon event 3 log trap public description ERROR(3) owner PMON@ERROR rmon event 4 log trap public description WARNING(4) owner PMON@WARNING rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO aaa authentication dot1x default group CTS-RADIUS
aaa authorization cts default group CTS-RADIUS ip route 10.11.3.0/24 10.11.103.206 name Enclave3
ip route 10.11.103.192/30 10.11.103.206 name Enclave3-bridge ip pim rp-address 10.11.255.1 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
vlan 1-2,10,20,242,2000-2002,2004,3001-3002,3004,3150 vlan 2
name AltNative vlan 20
name ASA-Cluster-Control vlan 242
name VMware-blade vlan 2001
name Enclave1-North vlan 2002
name Enclave2-North vlan 2004
name FPS-outside vlan 3001
name Enclave1-South vlan 3002
name Enclave2-South vlan 3004
name FPS54-Inside
route-map Enclave3 permit 10 description Enclave3 Subnets match interface Vlan2003 vrf context management
ip route 0.0.0.0/0 10.11.236.1 vpc domain 100
role priority 10
peer-keepalive destination 10.11.236.32 source 10.11.236.31 peer-gateway
interface Vlan1 no ip redirects no ipv6 redirects interface Vlan10
description <RAGG1&2 interface>
no shutdown no ip redirects
ip address 10.11.210.45/30 ip router ospf 5 area 0.0.0.0 interface Vlan20
description <** ASA Cluster control **>
no shutdown no ip redirects interface Vlan242 no shutdown
ip address 10.11.242.254/24 ip router ospf 5 area 0.0.0.0
ip address 10.11.1.254/24 ip router ospf 5 area 0.0.0.0
ip address 10.11.2.254/24 ip router ospf 5 area 0.0.0.0
ip address 10.11.103.202/29 ip router ospf 5 area 0.0.0.0 hsrp 1
preempt
ip 10.11.103.201 interface Vlan2004 no shutdown no ip redirects
ip address 10.11.4.254/24 no ipv6 redirects
ip router ospf 5 area 0.0.0.0 hsrp 1
preempt ip 10.11.4.1
interface port-channel10 description <<vPC peer-link>>
switchport
switchport mode trunk
switchport trunk allowed vlan 10,20,242,2001-2100,3001-3100,3150 spanning-tree port type network
vpc peer-link
interface port-channel13
description <<VPC Peer SACCESS-3>>
switchport
switchport mode trunk
switchport trunk native vlan 2
switchport trunk allowed vlan 3001-3100 spanning-tree port type normal
vpc 13
interface port-channel14
description <<VPC Peer SACCESS-4>>
switchport
switchport mode trunk
switchport trunk native vlan 2
switchport trunk allowed vlan 3001-3100 spanning-tree port type normal
vpc 14
interface port-channel20
description ASA Cluster Data Link switchport
switchport mode trunk
switchport trunk native vlan 2
switchport trunk allowed vlan 2001-2100,3001-3100 vpc 20
interface port-channel21 description <<ASA-5-Control>>
switchport
switchport access vlan 20 spanning-tree port type edge no lacp graceful-convergence vpc 21
interface port-channel22 description <<ASA-6-Control>>
switchport
switchport access vlan 20 spanning-tree port type edge no lacp graceful-convergence vpc 22
interface port-channel23
description <<ASA-7-Control>>
switchport
switchport access vlan 20 spanning-tree port type edge no lacp graceful-convergence vpc 23
interface port-channel24 description <<ASA-8-Control>>
switchport
switchport access vlan 20 spanning-tree port type edge no lacp graceful-convergence vpc 24
interface port-channel111
description <<VPC Peer UCS Fabric A>>
switchport
switchport mode trunk
switchport trunk native vlan 242
switchport trunk allowed vlan 242,3001-3100 spanning-tree port type normal
vpc 111
interface port-channel112
description <<VPC Peer UCS Fabric B>>
switchport
switchport mode trunk
switchport trunk native vlan 242
switchport trunk allowed vlan 242,3001-3100 spanning-tree port type normal
vpc 112
interface port-channel150 mtu 9216
ip address 10.11.210.74/30 ip ospf network point-to-point no ip ospf passive-interface ip router ospf 5 area 0.0.0.0 ip pim sparse-mode
ip igmp version 3 interface port-channel151 switchport
switchport mode trunk
switchport trunk allowed vlan 20-24,2000-2100,2201-2300,3001-3100 switchport trunk allowed vlan add 3150,3201-3400
mtu 9216 vpc 151
interface port-channel251 switchport
switchport mode trunk
switchport trunk allowed vlan 20-24,2000-2100,2201-2300,3001-3100 switchport trunk allowed vlan add 3150,3201-3400
mtu 9216 vpc 251
interface Ethernet4/1
description RCORE-1 port T3/1 ip address 10.11.210.14/30 ip router ospf 5 area 0.0.0.0 ip pim sparse-mode
no shutdown
interface Ethernet4/2 no shutdown
interface Ethernet4/3
description RCORE-2 port T3/1 ip address 10.11.210.22/30 ip router ospf 5 area 0.0.0.0 ip pim sparse-mode
no shutdown
interface Ethernet4/4 no shutdown
interface Ethernet4/5
description NGA-DC-1 port 1 switchport
switchport monitor no shutdown
interface Ethernet4/6 interface Ethernet4/7 interface Ethernet4/8 interface Ethernet4/9 switchport
switchport mode trunk
switchport trunk allowed vlan 20-24,2000-2100,2201-2300,3001-3100 switchport trunk allowed vlan add 3150,3201-3400
mtu 9216
channel-group 151 mode active no shutdown
interface Ethernet4/10 switchport
switchport mode trunk
switchport trunk allowed vlan 20-24,2000-2100,2201-2300,3001-3100 switchport trunk allowed vlan add 3150,3201-3400
mtu 9216
channel-group 251 mode active no shutdown
interface Ethernet4/11 mtu 9216
channel-group 150 mode active no shutdown
interface Ethernet4/12 mtu 9216
channel-group 150 mode active no shutdown
interface Ethernet4/13
description <<VPC Peer ASA5:T6>
switchport
switchport access vlan 20 spanning-tree port type edge channel-group 21 mode active no shutdown
interface Ethernet4/14
description <<VPC Peer ASA6:T6>
switchport
switchport access vlan 20 spanning-tree port type edge channel-group 22 mode active no shutdown
interface Ethernet4/15
description <<VPC Peer ASA7:T6>
switchport
switchport access vlan 20 spanning-tree port type edge channel-group 23 mode active no shutdown
interface Ethernet4/16
description <<VPC Peer ASA8:T6>
switchport
switchport access vlan 20 spanning-tree port type edge channel-group 24 mode active no shutdown
interface Ethernet4/17
description <<VPC Peer ASA-5:T8>>
switchport
switchport mode trunk
switchport trunk native vlan 2
switchport trunk allowed vlan 2001-2100,3001-3100 spanning-tree port type edge
channel-group 20 mode active no shutdown
interface Ethernet4/18
description <<VPC Peer ASA-6:T8>>
switchport
switchport mode trunk
switchport trunk native vlan 2
switchport trunk allowed vlan 2001-2100,3001-3100 spanning-tree port type edge
channel-group 20 mode active no shutdown
interface Ethernet4/19
description <<VPC Peer ASA-7:T8>>
switchport
switchport mode trunk
switchport trunk native vlan 2
switchport trunk allowed vlan 2001-2100,3001-3100 spanning-tree port type edge
channel-group 20 mode active no shutdown
interface Ethernet4/20
description <<VPC Peer ASA-8:T8>>
switchport
switchport mode trunk
switchport trunk native vlan 2
switchport trunk allowed vlan 2001-2100,3001-3100 spanning-tree port type edge
channel-group 20 mode active no shutdown
interface Ethernet4/21 no shutdown
interface Ethernet4/22
description <<VPC Peer F-UCS-1:E1/17>>
switchport
switchport mode trunk
switchport trunk native vlan 242
switchport trunk allowed vlan 242,3001-3100 spanning-tree port type normal
channel-group 111 mode active no shutdown
interface Ethernet4/26
description <<VPC Peer SACCESS-3:E1/45>>
switchport
switchport mode trunk
switchport trunk native vlan 2
switchport trunk allowed vlan 3001-3100 spanning-tree port type normal
channel-group 13 mode active no shutdown
interface Ethernet4/27
description <<VPC Peer F-UCS-1:E1/18>>
switchport
switchport mode trunk
switchport trunk native vlan 242
switchport trunk allowed vlan 242,3001-3100 spanning-tree port type normal
channel-group 111 mode active no shutdown
interface Ethernet4/28
description <<VPC Peer SACCESS-3:E1/46>>
switchport
switchport mode trunk
switchport trunk native vlan 2
switchport trunk allowed vlan 3001-3100 spanning-tree port type normal
channel-group 13 mode active no shutdown
interface Ethernet4/29
description <<VPC Peer F-UCS-2:E1/17>>
switchport
switchport mode trunk
switchport trunk native vlan 242
switchport trunk allowed vlan 242,3001-3100 spanning-tree port type normal
channel-group 112 mode active no shutdown
interface Ethernet4/30
description <<VPC Peer SACCESS-4:E1/45>>
switchport
switchport mode trunk
switchport trunk native vlan 2
switchport trunk allowed vlan 3001-3100 spanning-tree port type normal
channel-group 14 mode active no shutdown
interface Ethernet4/31
description <<VPC Peer F-UCS-2:E1/18>>
switchport
switchport mode trunk
switchport trunk native vlan 242
switchport trunk allowed vlan 242,3001-3100 spanning-tree port type normal
channel-group 112 mode active no shutdown
interface Ethernet4/32
description <<VPC Peer SACCESS-4:E1/46>>
switchport
switchport mode trunk
switchport trunk native vlan 2
switchport trunk allowed vlan 3001-3100 spanning-tree port type normal
channel-group 14 mode active no shutdown
interface Ethernet4/33 interface Ethernet4/34 interface Ethernet4/35 interface Ethernet4/36 interface Ethernet4/37 interface Ethernet4/38 interface Ethernet4/39 no shutdown
interface Ethernet4/40 no shutdown
interface Ethernet4/41
description <<VPC Peer RAGG1-RAGG2:4/41>>
switchport
switchport mode trunk
switchport trunk allowed vlan 10,20,242,2001-2100,3001-3100,3150 channel-group 10 mode active
no shutdown
interface Ethernet4/42
description <<VPC Peer RAGG1-RAGG2:4/42>>
switchport
switchport mode trunk
switchport trunk allowed vlan 10,20,242,2001-2100,3001-3100,3150 channel-group 10 mode active
no shutdown
interface Ethernet4/43
description <<VPC Peer RAGG1-RAGG2:4/43>>
switchport
switchport mode trunk
switchport trunk allowed vlan 10,20,242,2001-2100,3001-3100,3150 channel-group 10 mode active
no shutdown
interface Ethernet4/44
description <<VPC Peer RAGG1-RAGG2:4/44>>
switchport
switchport mode trunk
switchport trunk allowed vlan 10,20,242,2001-2100,3001-3100,3150 channel-group 10 mode active
no shutdown
interface Ethernet4/45 interface Ethernet4/46 interface Ethernet4/47 interface Ethernet4/48 interface mgmt0
vrf member management ip address 10.11.236.31/24 interface loopback0
ip address 10.11.255.11/32 ip router ospf 5 area 0.0.0.0 cli alias name wr copy run start cli alias name bye end | exit line console
line vty
boot kickstart bootflash://sup-1/n7000-s2-kickstart.6.2.8.bin sup-1 boot system bootflash://sup-1/n7000-s2-dk9.6.2.8.bin sup-1
boot kickstart bootflash://sup-2/n7000-s2-kickstart.6.2.8.bin sup-2 boot system bootflash://sup-2/n7000-s2-dk9.6.2.8.bin sup-2
ip radius source-interface loopback0 router ospf 5
router-id 10.11.236.31
redistribute static route-map Enclave3 monitor session 5
description NGA-DC-1
source interface Ethernet4/1 both source interface Ethernet4/3 both destination interface Ethernet4/5 no shut
no system auto-upgrade epld